Mark Allman / ICSI @mallman_icsi

Kyle Schomp, Mark Allman, Michael Rabinovich. DNS Resolvers Considered Harmful, ACM SIGCOMM Workshop on Hot Topics in Networks (HotNets), October 2014.


The Domain Name System (DNS) is a critical component of the Internet infrastructure that has many security vulnerabilities. In particular, shared DNS resolvers are a notorious security weak spot in the system. We propose an unorthodox approach for tackling vulnerabilities in shared DNS resolvers: removing shared DNS resolvers entirely and leaving recursive resolution to the clients. We show that the two primary costs of this approach (loss of performance and an increase in system load) are modest and therefore conclude that this approach is beneficial for strengthening the DNS by reducing the attack surface.


    author    =        "Kyle Schomp and Mark Allman and Michael Rabinovich",
    title     =        "{DNS Resolvers Considered Harmful}",
    booktitle =        "ACM SIGCOMM HotNets",
    year      =        2014,
    month     =        oct,

Scribe notes from HotNets talk are here.